Vulnerabilities > Cisco > IOS > 12.2

DATE CVE VULNERABILITY TITLE RISK
2003-08-27 CVE-2003-0647 Remote Security vulnerability in IOS
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
network
low complexity
cisco
7.5
7.5
2003-08-18 CVE-2003-0567 Improper Input Validation vulnerability in Cisco products
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
network
low complexity
cisco CWE-20
7.8
7.8
2002-12-31 CVE-2002-2208 Denial Of Service vulnerability in Cisco IOS EIGRP Announcement ARP
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. 		7.8
7.8
2002-12-31 CVE-2002-1768 Denial of Service vulnerability in Cisco Malformed HSRP Traffic
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985.
network
low complexity
cisco
5.0
5.0
2002-12-31 CVE-2002-1706 Improper Verification of Cryptographic Signature vulnerability in Cisco IOS
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
network
low complexity
cisco CWE-347
7.5
7.5
2002-12-23 CVE-2002-1360 Improper Input Validation vulnerability in multiple products
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. 		10.0
10
2002-12-23 CVE-2002-1359 Improper Input Validation vulnerability in multiple products
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. 		10.0
10
2002-12-23 CVE-2002-1358 Improper Input Validation vulnerability in multiple products
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. 		10.0
10
2002-12-23 CVE-2002-1357 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. 		10.0
10
2002-10-04 CVE-2002-1024 Resource Management Errors vulnerability in Cisco products
Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144).
network
cisco CWE-399
7.1
7.1